We all are aware that Right to Privacy is implicit in the right to life and liberty guaranteed to the citizens of this country by Article 21 of Indian Constitution. This fundamental right is one of the most significant rights when almost all of the Indian population is totally enthralled and captivated in cyberspace for one or other reason and we are not aware about the gaps from where this right can be infringed. These loopholes can be in form of cookies, permissions either explicit or implicit or when we access various websites, social media sites, online shopping sites etc.
Many of us may not even know that at present India is having which specific rules and regulations to protect this right to Privacy. Rather most of us even don’t bother about the same because common perception is that What can happen if my right to privacy is infringed and this casual attitude is very dangerous as social media providers and other online service providers are making merry of the ignorance of Indian citizen about protecting this Right to Privacy and minting tons of dollars.
This casual attitude of protecting this vital Fundamental right was witnessed in recent Supreme Court hearings wherein Government asked for some more time to inform to the court that what measures Government have initiated to frame the rules and regulations to protect this very important Fundamental Right.
And when similar situation was there almost FIVE YEARS AGO, the government has replied in similar manner and now WE ARE AGAIN LANDED AT SQUARE ONE. To refresh memory of those who may not recall the incident which happen five years ago, let us recall the same.
WhatsApp began its operations around 2010 and did not enable users’ data to be exchanged with any other entity for commercial exploitation from its commencement. WhatsApp, a non-revenue generating app, was bought for $19 billion by Facebook in February 2014, with the commercial interest best known to Facebook only and in the takeover agreement it was assured to users as well as to previous owners of WhatsApp that privacy policy would remain unchanged and WhatsApp, in its new Avatar, will never compromise with the data it had on its services. Rather as per my understanding it was essential and voidable term of the contract between parties.
Nonetheless, in 2016, WhatsApp, now controlled by Facebook, showed its true colour and unashamedly declared a shift to its privacy policies stating that it will now share information with Facebook family companies. It is Open Secret that Facebook makes money by commercial exploitation of entire data, it has with it.
It needs to be noted that The European Commission has already fined Facebook €110 million for providing incorrect or misleading information during the Commission’s 2014 investigation under the EU Merger Regulation of Facebook’s acquisition of WhatsApp. When Facebook notified the acquisition of WhatsApp in 2014, it informed the EU Commission that it would be unable to establish reliable automated matching between Facebook users’ accounts and WhatsApp users’ accounts. It stated this both in the notification form and in a reply to a request of information from the European Commission. However, in August 2016, WhatsApp announced updates to its terms of service and privacy policy, including the possibility of linking WhatsApp users’ phone numbers with Facebook users’ identities. The Commission also found that, contrary to Facebook’s statements in the 2014 merger review process, the technical possibility of automatically matching Facebook and WhatsApp users’ identities already existed in 2014, and that Facebook staff were aware of such a possibility. This establishes the wicked attitudes of FB towards different legal regimes in the world.
On 26th August 2016, a writ petition Number 7663 was filed in India at Delhi high court for protecting the rights of users of the WhatsApp application after its updates of terms of service in 2016. The High Court of Delhi discarded the writ petition and granted partial relaxation to the petitioner in September 2016 , in response towards this order, a Special Leave Petition was filed with the Supreme Court (Civil) No. 804 of 2017) seeking, first of, whether the privacy policy infringes the right to privacy of its user groups, furthermore, whether the failure of the user to share their data with Facebook is impermissible and, lastly, whether the way in which WhatsApp obtains user assent is misleading and manipulative. Additional question raised was Does the Internet networking systems that allow users to share text/audio/video messages, data and render audio/video calls constitute ‘telecommunication’ systems and are subject to regulation by the competent authorities?
The Supreme Court on September 6, 2017 directed Facebook and WhatsApp to file affidavits explaining what data is being shared by them, which were duly filed by the respective respondent. It was vehemently argued by petitioner that privacy being a common law right and also guaranteed under Article 21 of the constitution, the state must regulate data sharing and enact legislation to protect privacy rights.
It was submitted on affidavit that WhatsApp has built-in privacy in form of end-to-end encryption and other security features and it does not store user messages once they’ve been delivered and being end-to-end encrypted, WhatsApp and third parties can’t read any messages. Also, it was submitted that users may delete their WhatsApp account at any time (including if users want to revoke their consent to WhatsApp’s use of their information) using WhatsApp’s in-app ‘delete my account’ feature.
Delhi High Court held in September 2016 that the contention of the Petitioners that the proposed change in the Privacy Policy of WhatsApp amounts to infringement of the Right to Privacy guaranteed under Article 21 of the Constitution of India, cannot be a valid ground to grant the reliefs as prayed for since the legal position regarding the existence of the fundamental right to privacy is yet to be authoritatively decided.
Thereafter in 2017, WhatsApp and Facebook filed a Special Leave Petition with the Supreme Court seeking the following issues to be considered ; 1) Whether the privacy policy infringes the right to privacy of its user groups, 2) Whether the failure of the user to share their data with Facebook is impermissible, 3) Whether the way in which WhatsApp obtains user assent is misleading, and 4) the Internet networking systems that allow users to share text/audio/video messages, data and render audio/video calls constitute ‘telecommunication’ systems and are subject to regulation by the competent authorities?
In this SLP, the Government on 6.9.2017 submitted an Office Memorandum dated 31.7.2017 stating that it had constituted a Committee of Experts to deliberate on a data protection framework for India and data protection legislation can only be brought forward after a report by the Committee of Experts has been discussed. It was also stated further that the Government of India is cognizant of the growing importance of data protection in India. The need to ensure growth of the digital economy while keeping personal data of citizens secure and protected is of utmost importance.
The Terms of Reference were a) To study various issues relating to data protection in India b) To make specific suggestions for consideration of the Central Government on principles to be considered for data protection in India and suggest a draft data protection bill. It was also submitted by Mr. Tushar Mehta, learned Additional Solicitor General appearing on behalf of the Union of India at that time that after the report comes into being, there is a possibility that the law shall be passed regulating the data protection.
Thereafter a draft Personal Data Protection Bill 2018 was submitted and put before parliament and wisemen suggested some suggestions and thereafter PDPB2019 was tabled in Parliament. Thereafter a Joint Parliamentary Committee was constituted to hear views from all the stakeholders to make this bill broader and covering all the features of the Data Protection including non-personal data also. And suddenly on 3’rd August 2022, government of India withdrew this important bill from the parliament stating that it would soon be replaced by “a comprehensive legal framework,” that will be “designed to address all of the contemporary and future challenges of the digital ecosystem,”.
Mr. Tushar Mehta, now the learned Solicitor General of India, submitted on hearing held on 23 September 2022 before the Five Bench Constitution Bench that the matters came up suddenly yesterday night. It is pointed out that these are the cases where a Bill was introduced but for some reasons it was withdrawn. However, the learned Solicitor General pointed out that the Parliament is considering on bringing in a new law which should address the concerns of the parties. His definite stand that the policy of the Government of India is that the users of all the intermediaries in India should not suffer discrimination in comparison to the users of these platforms anywhere else in the world.
This completes the entire circle and we are again at Square ONE.
The decision on the petition is still underway and, with a clear acknowledgement of the fundamental right to privacy in Justice Puttaswamy case, it seems to be a testing ground for Indian Parliament as how to implement the Data Protection Law in India.
Dr. Mahendra Limaye
Cyber Legal and Data Privacy Consultant